JunOS Local Security Checks : Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106943

Kategorie: JunOS Local Security Checks

Titel: Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability

Zusammenfassung: Junos OS on SRX series contain hardcoded credentials.

Beschreibung: Summary:
Junos OS on SRX series contain hardcoded credentials.

Vulnerability Insight:
As part of an internal security review of the UserFW services authentication
API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and
potentially LDAP and Active Directory integrated points.

Credentials may be taken from the network via man-in-the-middle attacks, or other attack vectors, as above, or
others not listed.

Vulnerability Impact:
An attacker may be able to completely compromise both the SRX Series device
without authentication, other SRX Series devices deployed in the same environment running vulnerable versions of
Junos OS, as well as Active Directory servers and service, including but not limited to, user accounts,
workstations, servers performing other functions such as email, database, etc. which are also tied to the Active
Directory deployment. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full
administrative control over one or more Active Directories depending on the credentials supplied by the
administrator of the AD domains and SRX devices performing integrated authentication of users, groups and
devices.

Affected Software/OS:
Junos OS 12.3X48 and 15.1X49 on SRX Series.

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-2343
http://www.securitytracker.com/id/1038904

Copyright Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106943
Kategorie:	JunOS Local Security Checks
Titel:	Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability
Zusammenfassung:	Junos OS on SRX series contain hardcoded credentials.
Beschreibung:	Summary: Junos OS on SRX series contain hardcoded credentials. Vulnerability Insight: As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. Credentials may be taken from the network via man-in-the-middle attacks, or other attack vectors, as above, or others not listed. Vulnerability Impact: An attacker may be able to completely compromise both the SRX Series device without authentication, other SRX Series devices deployed in the same environment running vulnerable versions of Junos OS, as well as Active Directory servers and service, including but not limited to, user accounts, workstations, servers performing other functions such as email, database, etc. which are also tied to the Active Directory deployment. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. Affected Software/OS: Junos OS 12.3X48 and 15.1X49 on SRX Series. Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-2343 http://www.securitytracker.com/id/1038904
Copyright	Copyright (C) 2017 Greenbone AG